Most companies still not ready security incidents

Lancope-sponsored survey by Ponemon Institute shows that most business managers still know little of the security threats their companies face, or invest enough in the tools of incident response

  • 10 years ago Posted in

Are we as prepared as we think when it comes to cyber security? Well, the answer, according to the latest report prepared by the Ponemon Institute for network visibility and security intelligence specialist, Lancope, the answer would appear to be `no’.

According to the findings of the report, entitled `Cyber Security Incident Response: Are we as prepared as we think?’, CEOs and other members of the management team are in the dark about potential cyber-attacks against their companies, while security threats are imminent.

The research also shows that, as a result, Computer Security Incident Response Teams (CSIRTs) often lack the resources necessary to fend off the continuous onslaught of advanced threats facing today’s organisations.

The Ponemon Instituteresearch surveyed 674 IT and IT security professionals in the United Kingdom and United States who are involved in their organisation’s CSIRT activities. The study concludes with key recommendations for organisations looking to improve their incident response process.

Amongst the key findings from the study is the strong feeling that security incidents continue to be imminent, with 68 percent of respondents saying their organisation experienced a security breach or incident in the past 24 months. Forty-six percent say another incident is imminent and could happen within the next six months.

Perhaps the most worrying finding is that company managements are largely unaware of cyber security threats. Some 80 percent of respondents reported that they don’t frequently communicate with executive management about potential cyber-attacks against their organisation.

This does, of course, beg the question of why this should be. If it is because CSIRT professionals feel unable to confront managements, or managements turn a deaf ear to advice and information on the subject, then perhaps those managements deserve all that is inevitably coming their way.

The survey also showed that organisations are not measuring the effectiveness of their incident response efforts, with 50 percent of respondents not having meaningful operational metrics to measure the overall effectiveness of incident response. This means that security breaches can remain unresolved for up to a month or more. While most organisations said they could identify a security incident within a matter of hours, it takes an entire month on average to work through the process of incident investigation, service restoration and verification.

It also found that network audit trails are the most effective tool for incident response. Eighty percent of respondents say that analysis of audit trails from sources like NetFlow and packet captures is the most effective approach for detecting security incidents and breaches. This choice was more popular than intrusion detection systems and anti-virus software.

From the security professionals’ point of view one of the most significant findings is that CSIRTs lack adequate investment support. Half of all respondents say that less than 10 percent of their security budgets are used for incident response activities, and most say their incident response budgets have not increased in the past 24 months.

 “The findings of our research suggest that companies are not always making the right investments in incident response,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “As a result, they may not be as prepared as they should be to respond to security incidents. One recommendation is for organisations to elevate the importance of incident response and make it a critical component of their overall business strategy.”

Mike Potts, president and CEO of Lancope, added the thought that if 2013 is any indication, today’s enterprises are ill-equipped to identify and halt sophisticated attacks launched by nation-states, malicious outsiders and determined insiders.

“Now is the time for C-level executives and IT decision-makers to come together and develop stronger, more comprehensive plans for incident response. This communication is critical if we want to reduce the astounding frequency of high-profile data breaches and damaging corporate losses we are seeing in the media on a near-daily basis.”

Talent and training partner, mthree, which supports major global tech, banking, and business...
On average, only 48% of digital initiatives meet or exceed business outcome targets, according to...
GPUaaS provides customers on-demand access to powerful accelerated resources for AI, machine...
TMF Group, a leading provider of critical administrative services for global businesses, turned to...
Strengthening its cloud credentials as part of its mission to champion the broader UK tech sector...
Nearly all UK IT managers surveyed (98%) state cloud investment is an organisational priority for...
LetsGetChecked is a global healthcare solutions company that provides the tools to manage health...
Node4 to the rescue.